Syed Jahanzaib Personal Blog to Share Knowledge !

December 14, 2015

Manage Cisco Ports from PHP/VBS/BASH or incoming SMS using kannel/playSMS




 

NOTE:
I am documenting this post just for reference purposes, not for everyone. It does require
some really good knowledge of bash scripting and Cisco. These scripts were designed
for a very specific network with very targeted requirements. They may not run in your
network, as they are really customized and made exclusively for that particular
network to facilitate terminal and SMS based execution. I will add a few sections later,
like PHP and playSMS/kannel.
Regards,
Syed Jahanzaib / 14-DEC-2015 / 1030 hours

 

Scenario:

Two Cisco 3750-E switches are installed in the local area network. SSH/TELNET access is enabled.
SNMP is also enabled with the community name 'public'.

Requirements:

Sometimes a port gets shut automatically due to flooding, or manually by the admin for management purposes. The admin must be able to disable or enable any port using a BASH script. Later this should be integrated with SMS using the existing KANNEL gateway via the playSMS app, so that the admin can send an SMS with the parameters to his KANNEL gateway and the system acts on it as directed. On Ubuntu, the 'EXPECT' package is also installed; the helper scripts need it, so take note of it.

SCRIPTS:

It requires 3 scripts.

master.sh
It acts as the launcher and checks the validity of the 3 variables. It also checks the switch availability via ping, checks the port status before doing any action, and acts accordingly.

ciscoup.sh     [helper script for master]
It will SSH to cisco switch and execute shut/noshut command to turn the PORT UP.

ciscodown.sh     [helper script for master]
It will SSH to cisco switch and execute shut command to turn the PORT DOWN.

 

SCRIPT Example

./master.sh switch_number port_number ACTION_required

./master.sh SW1 24 DOWN
./master.sh SW1 24 UP


master.sh

#!/bin/bash
# Script to manage CISCO 3750/xxxx model switch via bash script.
# It can print all errors related to script, it can perform given Action like UP/DOWN for any given port on require switch.
# Comes handy like you can integrate it with PHP  or any frontend.
# I made it for specific network where OP wanted to UP/DOWN the PORT via sending SMS to linux base system, and it will perform
# action as directed.
# Syed Jahanzaib
# aacable at hotmail dot com
# https://aacable.wordpress.com
# Created = 11-DEC-2015
# Last Modified = 11-DEC-2015

# Enable set -x to enable SCRIPT DEBUG mode.
#set -x

# Setting various Variables

# SWITCH IP Address VALUE
# Check VAR1 and match value with valid data
if [ "$1" != "SW1" ] && [ "$1" != "SW2" ];
then
echo "Switch Value must be SW1 or SW2
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# SWITCH IP ADDRESSES. CHANGE IT AS REQUIRED / ZAIB
SW1IP="192.168.0.1"
SW2IP="192.168.0.2"

###########################################
# MAKE SURE YOU CHANGE THIS OID AS REQUIRED. SOME SWITCHES LIKE MB/GB MAY HAVE A DIFFERENT OID IN YOUR NETWORK.
PORTOID="1.3.6.1.2.1.2.2.1.8.101"
# To get Port description, friendly text for port
PORTDESC="1.3.6.1.2.1.31.1.1.1.18.101"

# SWITCH IP variable
# Check VAR1 and match value with valid data
if [ "$1" = "SW1" ] ; then
SWITCH="$SW1IP"
fi

if [ "$1" == "SW2" ] ; then
SWITCH="$SW2IP"
fi

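# PORT Variable
# Check VAR2 and match value with valid data.
# Exactly two digits are required because the value is appended to the OID prefix above.
# 10# forces base 10, otherwise bash reads 08 and 09 as invalid octal and rejects them.
PORT="$2"
if [[ "$PORT" =~ ^[0-9]{2}$ ]] && [[ "10#$PORT" -ge 1 ]] && [[ "10#$PORT" -le 48 ]] ; then
echo
else
echo "PORT value not correct. It must be in numeric format like 01 upto max 48 etc
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi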

# ACTION Variable
# Check VAR3 and match value with valid data
ACTION="$3"

if [ "$ACTION" != "UP" ] && [ "$ACTION" != "DOWN" ];
then
echo "Action Value not correct, it must be either UP or DOWN
Usage Example:

./master.sh SW1 24 UP"

exit 1; fi

# Check PING status of switch.
# Check if the switch is accessible or not, if not then EXIT immediately with error / zaib
if [[ $(ping -q -c 2 $SWITCH) == @(*100% packet loss*) ]]; then
echo "ALERT ..... $SWITCH is DOWN. cannot process further. check connectivity."
exit 1
else
echo "$SWITCH is accessible OK."
fi

# Port description, to get a more accurate idea about the port
DESCR=`snmpwalk -v1 -c public $SWITCH $PORTDESC$PORT | sed -e 's/\"//' | sed -e 's/\"//' | awk '{print $4,$5,$6,$7,$8,$9}'`

# Print data gathered
echo -e "Command Data Received.
SWITCH = $1 = $SWITCH
PORT = $PORT
PORT DESCR = $DESCR
REQUIRED ACTION = $ACTION"

# Query Present / Current PORT Status
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ]; then
PRESULT="UP"
echo -e "PORT Current Status = $PRESULT"
else
PRESULT="DOWN"
echo -e "PORT Current Status = $PRESULT"
fi

# Match condition. If Action required is UP and port is already UP, then NO ACTION, just exit.
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'UP' ];
then
echo "Port $PORT is already UP. No action is required. Exiting ..."
fi

# Match condition. If Action required is UP and port is DOWN , then run UP script.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'UP' ];
then
echo -e "PORT $PORT $PRESULT. doing UP Action..."
/temp/ciscoup.sh  $SWITCH $PORT $ACTION
#> /dev/null 2>&1
fi

# Match condition. If Action required is DOWN and port is also DOWN , then NO ACTION, Just EXIT.
if [ "$RESULT" == "2" ] && [ "$ACTION" == 'DOWN' ];
then
echo "PORT $PORT is already DOWN, no action required. Exiting ..."
fi


# Match condition. If Action required is DOWN and port is UP , then run DOWN script.
if [ "$RESULT" == "1" ] && [ "$ACTION" == 'DOWN' ];
then
echo "Doing DOWN Action..."
/temp/ciscodown.sh $SWITCH $PORT $ACTION
#> /dev/null 2>&1
fi

# PRINT Final Status (after the above actions are done, so we can have idea whats the final result)
PORTQUERY=`snmpwalk -v1 -c public $SWITCH $PORTOID$PORT | awk '{print $4}'`
RESULT="$PORTQUERY"
if [ "$RESULT" == "1" ]; then
echo
echo "FINAL RESULT = UP
~~~~~~~~~~~~~~~~~"

else
echo
echo "FINAL RESULT = DOWN
~~~~~~~~~~~~~~~~~"
fi

# SCRIPT END.
# EXIT
# JZ
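
Once the SMS integration described in the requirements is in place, the three arguments come from message text rather than from an admin at a terminal, so they need strict parsing before they reach master.sh. The following is an added example, not part of the original scripts; it assumes the gateway hands over the message body as a single string, and `parse_sms` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: turn one SMS body into validated master.sh arguments.
# Assumption: the gateway passes the message text as a single string.

# Prints "SWx NN ACTION" and returns 0; prints nothing and returns 1 otherwise.
parse_sms() {
    # Uppercase first so "sw1 8 down" is accepted.
    msg=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
    # Split on whitespace with globbing off; exactly three tokens allowed.
    set -f
    set -- $msg
    set +f
    [ "$#" -eq 3 ] || return 1
    case $1 in SW1|SW2) ;; *) return 1 ;; esac
    case $3 in UP|DOWN) ;; *) return 1 ;; esac
    # Port: one or two digits only.
    case $2 in [0-9]|[0-9][0-9]) ;; *) return 1 ;; esac
    port=${2#0}                      # drop a leading zero (08 -> 8)
    [ -n "$port" ] || return 1       # "0" is not a port
    if [ "$port" -lt 1 ] || [ "$port" -gt 48 ]; then return 1; fi
    # Zero-pad again: master.sh appends the port to the OID prefix.
    printf '%s %02d %s\n' "$1" "$port" "$3"
}

# Constructed sample messages.
for m in 'sw1 8 down' 'SW2 48 UP' 'SW1 24 UP;date' 'SW1 49 UP' 'SW3 1 UP'; do
    if args=$(parse_sms "$m"); then
        echo "accept: ./master.sh $args"
    else
        echo "reject: $m"
    fi
done
```

Only the accepted form is ever passed on, so anything outside the SW1/SW2, 01-48, UP/DOWN set never reaches the script that holds the switch credentials.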

ciscodown.sh [make sure you change username and password to match your switch credentials]

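#!/usr/bin/expect -f
# Usage: ciscodown.sh <switch-ip> <port>
set timeout 20
set IPaddress [lindex $argv 0]
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]

# NOTE: "StrictHostKeyChecking no" skips SSH host key verification, so the
# password below is sent to whatever host answers on that IP.
spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress

expect "*assword: "
send "$Password\r"

# User EXEC prompt, then enter privileged mode
expect ">"
send "enable\r"
expect "*assword: "
send "$Password\r"
expect "#"

send "conf term\r"
expect "#"

send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"

send "shut\r"
expect "#"

# Leave interface mode, then global config mode
send "exit\r"
expect "#"
send "exit\r"
expect "#"

# Save the configuration and wait for it to finish before logging out
send "wr\r"
expect "#"
send "exit\r"
expect eof

# Exit Script
exit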

ciscoup.sh [make sure you change username and password to match your switch credentials]

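#!/usr/bin/expect -f
# Usage: ciscoup.sh <switch-ip> <port>
set timeout 20
set IPaddress [lindex $argv 0]
set Username "zaib"
set Password "zaib"
set PORT [lindex $argv 1]

# NOTE: "StrictHostKeyChecking no" skips SSH host key verification, so the
# password below is sent to whatever host answers on that IP.
spawn ssh -o "StrictHostKeyChecking no" $Username@$IPaddress

expect "*assword: "
send "$Password\r"

# User EXEC prompt, then enter privileged mode
expect ">"
send "enable\r"
expect "*assword: "
send "$Password\r"
expect "#"

send "conf term\r"
expect "#"

send "interface gigabitEthernet 1/0/$PORT\r"
expect "#"

# Bounce the port: shut first, then no shut
send "shut\r"
expect "#"

send "no shut\r"
expect "#"

# Leave interface mode, then global config mode
send "exit\r"
expect "#"
send "exit\r"

# Back at the privileged EXEC prompt, which ends in "#" (not ">")
expect "#"
send "wr\r"
expect "#"
send "exit\r"
expect eof

# Exit Script
exit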

RESULTS SCREENSHOT

[Screenshots: down-switch, UP]

DONE!

T.C


 

WINDOWS VBS TO EXECUTE PORT COMMAND, EXAMPLE ONLY

Create a file on your Windows desktop or in any folder:

cisco.vbs

Paste the following contents into it.


set  WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "cmd"
WScript.Sleep 300
WshShell.AppActivate "C:\Windows\system32\cmd.exe"
WScript.Sleep 300
WshShell.SendKeys "telnet 192.168.0.1{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "enable"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "zaib"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "configure terminal"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300
WshShell.SendKeys "interface gigabitEthernet 1/0/24"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "shut"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "wr"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

WshShell.SendKeys "exit"
WshShell.SendKeys "{ENTER}"
WScript.Sleep 300

Adjust the keystrokes as required. Some switches require both a user name and a password for access, and some require only a password, SO YOU MUST SET THE CONTENTS ACCORDINGLY. It is best to open a command prompt and run the script from cmd so that you can see any errors. DON'T INTERRUPT AFTER RUNNING THE FILE.

[Screenshot: vbs]


Regard’s
Syed Jahanzaib

December 7, 2012

Cisco 3750: Howto enable err-disabled ports

Filed under: Cisco Related — Syed Jahanzaib / Pinochio~:) @ 2:09 PM

Personal Reference Guide:

Errdisable is a feature that automatically disables a port on a Cisco Catalyst switch and is supported on most Catalyst switches running the Cisco IOS software.

The errdisable feature was designed to inform the administrator when there is a port problem or error. A Catalyst switch can put a port into errdisable mode and shut it down for many reasons, including:

  • Duplex Mismatch
  • Loopback Error
  • Link Flapping (up/down)
  • Port Security Violation
  • Broadcast Storms
  • etc

When a port is in error-disabled state, it is effectively shut down and no traffic is sent or received on that port. The port LED is set to the orange color and, when you issue the show interfaces command, the port status shows as Errdisabled.

To re-enable err-disabled ports on the Cisco 3750 switch series, follow the steps below.

First make a telnet connection to the switch:

telnet 10.0.0.1

(Change the IP as required.)
Enter the password to continue.

To view Disabled Ports:

show interfaces status err-disabled

e.g:

NOC_SWITCH>show int status err-disabled

Port      Name               Status                    Reason               Err-disabled Vlans
Gi2/0/10                     err-disabled         link-flap

NOC_SWITCH>

To Enable Port:

enable
config t
int G2/0/10
shut
no shut
exit

Change the interface name to match yours. In the above example I had two 3750-E models in stack mode, so it is showing G2; you may get G1 if you have a single switch.
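
When several ports are err-disabled at once, the listing can be parsed and turned into the command sequence shown above. This is an added example, not part of the original post: the sample listing is constructed (only the Gi2/0/10 row comes from the post), and the skip list, which holds back ports disabled for security-related reasons so they are investigated before being bounced, is an assumption of this example.

```shell
#!/bin/sh
# Added example: parse `show interfaces status err-disabled` output.
# SAMPLE is constructed; only the Gi2/0/10 row appears in the post.
SAMPLE='NOC_SWITCH>show int status err-disabled

Port      Name               Status                    Reason               Err-disabled Vlans
Gi2/0/10                     err-disabled         link-flap
Gi2/0/11  uplink to lab      err-disabled         bpduguard
Gi1/0/3   printer            err-disabled         psecure-violation

NOC_SWITCH>'

# Print "port reason" for every err-disabled row. The Name column may be
# empty or contain spaces, so locate the Status token instead of trusting
# a fixed field number; the Reason is the token right after it.
errdisabled_ports() {
    awk '
        $1 ~ /^(Fa|Gi|Te)[0-9]+\/[0-9]+\/[0-9]+$/ {
            for (i = 2; i < NF; i++)
                if ($i == "err-disabled") { print $1, $(i + 1); break }
        }'
}

# Emit the recovery commands from the post (shut / no shut per interface).
# Rows whose reason is listed in $1 are skipped and flagged for review.
recovery_commands() {
    skip=$1
    echo "enable"
    echo "config t"
    while read -r port reason; do
        case " $skip " in
            *" $reason "*)
                echo "! skipped $port ($reason): investigate first"
                continue ;;
        esac
        printf 'int %s\nshut\nno shut\nexit\n' "$port"
    done
}

printf '%s\n' "$SAMPLE" | errdisabled_ports |
    recovery_commands "psecure-violation bpduguard"
```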

TIP:
Link flap means that the specific port continuously goes up and down. The port is put into the errdisabled state if it flaps more than four-five times in a few seconds or if a LOOPBACK is detected. The common cause of link flap is a Layer 1 issue such as a bad cable or a duplex mismatch.

TIP:

Use this command to disable port security, NOT RECOMMENDED

no switchport port-security

(< You probably don't need this line, it's just to disable the port security feature, I used it to perform various tests)

For more detailed descriptions, please visit

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-switches/883-cisco-switches-errdisable-autorecovery.html

Regard’s
Syed Jahanzaib
